John Medina

Reputation: 45

How to add security on my node.js web pages?

Beginner Node.js user here.

I have created a registration and login page using nodejs and mysql.

It is just a basic setup wherein:

I have a form which submits to nodejs to register (will add a row in the mysql database with email and password) and login/authenticate (which will just do a lookup in mysql and search for an equivalent email and password).

I can register and login no problem.

The steps I followed are from here: http://www.expertphp.in/article/user-login-and-registration-using-nodejs-and-mysql-with-example

I have also edited the code a little so that if it logs in successfully, it will redirect to a page via this code:

    if (password==results[0].password){
        // res.json({
        //     status:true,
        //     message: 'successfully authenticated'
        // });
        var sample = req.body.email;
        var newsample = sample.split('@')[0];
        return res.redirect('/users/1/?username=' + newsample);
    }

and I also have this route in my users.js

    router.get('/1/*', function(req, res, next) {
      var q = url.parse(req.url, true).query;
      var txt = "Welcome" + q.username;
      res.send(txt);
    });

It works fine.

What I want to accomplish is that I can only access the link

http://localhost:3000/users/1/?username=*

if I came from the login page and have authenticated.

Hope you can guide me on how to go about it or give a hint on how it is done.

I have searched but only found links which use a different library or authentication, which I find hard to understand. Pardon my being a noob.

A working example would be very helpful for me.

Thank you.

Upvotes: 0

Views: 154

Answers (1)

Maged Milad

Reputation: 311

I think you are handling user authentication the hard way; you can use passport.js, it will help you a lot.

But you can use the session to save what is necessary to check whether the user is logged in, like the user id, and check this session in a custom middleware.

Upvotes: 1
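
The session check in a custom middleware that the answer describes, as an added example that is not part of the original answer. It uses only Node's built-in modules with Express-style `(req, res, next)` signatures; the names `startSession`, `requireLogin` and `welcome`, the `sid` cookie and the `/login` path are assumptions, and the in-memory `Map` stands in for a real session store such as `express-session`.

```javascript
// Added example: Express-style middleware with no dependencies so it runs as-is.
const crypto = require('crypto');

// session id -> { userId, username }; in-memory and lost on restart (demo only)
const sessions = new Map();

// Call this where the question's code currently redirects after the password
// check: keep the user data server-side, give the browser only a random id.
function startSession(res, user) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { userId: user.id, username: user.email.split('@')[0] });
  res.setHeader('Set-Cookie', `sid=${sid}; HttpOnly; SameSite=Lax; Path=/`);
  return sid;
}

// Extract the sid cookie from the raw Cookie header (null if absent).
function readSid(req) {
  const header = req.headers.cookie || '';
  for (const part of header.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}

// Custom middleware: only requests carrying a known session id reach the route.
function requireLogin(req, res, next) {
  const session = sessions.get(readSid(req));
  if (!session) {
    res.statusCode = 302;
    res.setHeader('Location', '/login');
    return res.end();
  }
  req.session = session;
  next();
}

// Protected handler: the name comes from the session, not from ?username=,
// so typing the URL by hand or editing the query string changes nothing.
function welcome(req, res) {
  res.setHeader('Content-Type', 'text/plain');
  res.end('Welcome ' + req.session.username);
}

// Wiring in the question's users.js would look like:
//   router.get('/1/*', requireLogin, welcome);
```

On a successful login, call `startSession(res, { id, email })` and then redirect to `/users/1/` without the `username` query parameter.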
